Merge pull request #2185 from alexcrichton/fuzz-maybe-invalid

Expand modules instantiated in instantiate-wasm-smith
2020-09-08 17:05:46 -07:00
parent 3d6c4d312f 38428e1fbb
commit 3a602994e6
5 changed files with 31 additions and 6 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2296,9 +2296,9 @@ dependencies = [

 [[package]]
 name = "wasm-smith"
-version = "0.1.3"
+version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "282c6162f6e30c663bf473bba323950eb494d7de1899e259024ffeb127cf5733"
+checksum = "5ff896bbe4adf62d6a909708c34db3ad94ce2103daa9673f64fe15e60ba70dad"
 dependencies = [
 "arbitrary",
 "leb128",
--- a/crates/fuzzing/src/oracles.rs
+++ b/crates/fuzzing/src/oracles.rs
@@ -16,6 +16,7 @@ use dummy::dummy_imports;
 use std::cell::Cell;
 use std::rc::Rc;
 use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
+use std::time::Duration;
 use wasmtime::*;
 use wasmtime_wast::WastContext;

@@ -53,7 +54,7 @@ fn log_wat(wat: &str) {
 ///
 /// You can control which compiler is used via passing a `Strategy`.
 pub fn instantiate(wasm: &[u8], strategy: Strategy) {
-    instantiate_with_config(wasm, crate::fuzz_default_config(strategy).unwrap());
+    instantiate_with_config(wasm, crate::fuzz_default_config(strategy).unwrap(), None);
 }

 /// Instantiate the Wasm buffer, and implicitly fail if we have an unexpected
@@ -62,12 +63,21 @@ pub fn instantiate(wasm: &[u8], strategy: Strategy) {
 /// The engine will be configured using provided config.
 ///
 /// See also `instantiate` functions.
-pub fn instantiate_with_config(wasm: &[u8], config: Config) {
+pub fn instantiate_with_config(wasm: &[u8], mut config: Config, timeout: Option<Duration>) {
    crate::init_fuzzing();

    let engine = Engine::new(&config);
    let store = Store::new(&engine);

+    if let Some(timeout) = timeout {
+        config.interruptable(true);
+        let handle = store.interrupt_handle().unwrap();
+        std::thread::spawn(move || {
+            std::thread::sleep(timeout);
+            handle.interrupt();
+        });
+    }
+
    log_wasm(wasm);
    let module = match Module::new(&engine, wasm) {
        Ok(module) => module,
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -17,7 +17,7 @@ target-lexicon = "0.10"
 peepmatic-fuzzing = { path = "../cranelift/peepmatic/crates/fuzzing", optional = true }
 wasmtime = { path = "../crates/wasmtime" }
 wasmtime-fuzzing = { path = "../crates/fuzzing" }
-wasm-smith = "0.1.3"
+wasm-smith = "0.1.5"

 [[bin]]
 name = "compile"
--- a/fuzz/fuzz_targets/instantiate-maybe-invalid.rs
+++ b/fuzz/fuzz_targets/instantiate-maybe-invalid.rs
@@ -0,0 +1,15 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use std::time::Duration;
+use wasm_smith::Module;
+use wasmtime::Strategy;
+use wasmtime_fuzzing::oracles;
+
+fuzz_target!(|module: MaybeInvalidModule| {
+    oracles::instantiate_with_config(
+        &module.to_bytes(),
+        wasmtime_fuzzing::fuzz_default_config(Strategy::Auto),
+        Some(Duration::from_secs(20)),
+    );
+});
--- a/tests/all/fuzzing.rs
+++ b/tests/all/fuzzing.rs
@@ -26,5 +26,5 @@ fn instantiate_module_that_compiled_to_x64_has_register_32() {
    let mut config = Config::new();
    config.debug_info(true);
    let data = wat::parse_str(include_str!("./fuzzing/issue694.wat")).unwrap();
-    oracles::instantiate_with_config(&data, config);
+    oracles::instantiate_with_config(&data, config, None);
 }